Records Management Best Practices Guide

A Practical Approach to Building a Comprehensive and Compliant Records Management Program Protecting and Managing the World’s Information.

Since 1951, Iron Mountain has been the partner that thousands of companies depend on to store, manage, and protect records, media, and electronic data in any format, for any length of time. Today, we continue to lead the industry as the only partner you can trust to design and implement a comprehensive and com- pliant records management program. We have more expertise, resources, experience, proven processes, and responsive services to meet your information management challenges now and in the years ahead.

p. 2 | ironmountain.com The Iron Mountain best practices initiative is a direct response to requests from our cus- tomers for guidance on:

• Best-in-class compliant records management practices • Continual program improvement ideas • Government regulations that impact records and information management

Now, more than ever, it is critical that organizations have solid records management prac- tices in place for all media across all business units. These practices should feed into a comprehensive and consistently applied records management master plan. Organizations that meet and demonstrate regulatory compliance will be the ones that stand out and are identified as the best in class, while others scramble to protect their corporate reputation and shareholder value.

This Records Management Best Practices Guide represents the collective experiences of hundreds of thousands of Iron Mountain customers — and over fifty years of records man- agement history. From those years of experience, records management fundamentals have been tried and proven true, processes and workflows have been crystallized for greater efficiencies and less exposure, and best practices have evolved to cover the many integral aspects of proper records management. These best practices are provided here as a practical approach to a comprehensive and compliant records management program.

C. Richard Reese Chairman and Chief Executive Officer Iron Mountain Incorporated

Records Management Best Practices Guide | p. 3 Table of Contents

p. 4 | ironmountain.com Introduction

Why Do You Need BestPractices for Records Management?...... 6

Why Is Consistency So Important? ...... 8

Where Do We Start?...... 9

Records Management Best Practices

I. Retention ...... 12

Identify Major Record Groups...... 13

Create A Universal Record Classification Scheme ...... 13

Perform Legal Research...... 14

Overlay Operational Retention Requirements ...... 14

Guiding Principles of Retention...... 15

II. Policies and Procedures ...... 16

Guiding Principles of Policies and Procedures ...... 17

III. Access and Indexing...... 18

Guiding Principles for Access and Indexing ...... 19

IV. Compliance and Accountability ...... 20

Guiding Principles of Compliance and Accountability...... 21

V. Disposal ...... 22

Guiding Principles of Disposal...... 24

Conclusion ...... 26

Records Management Best Practices Guide | p. 5 Introduction

Why Do You Need Best Practices for Records Management?

p. 6 | ironmountain.com A compliant records management program is necessary for organizations to proactively and pro- gressively manage all data, media and information. As the number of laws and severity of punishment governing records management continues to increase, it becomes even more para- mount that organizations follow best practices for proper records management. Organizations need to demonstrate “good faith” intentions to follow these best practices consistently and accurately. An organization with a solid foundation of proven successful records management practices will:

• Preserve the right information for the correct length of time

• Meet legal requirements faster and more cost effectively

• Control and manage records management storage and destruction fees

• Demonstrate proven practices of good faith through consistent implementation

• Archive vital information for business continuity and disaster recovery

• Provide information in a timely and efficient manner regardless of urgency of request

• Use technology to manage and improve program

• Integrate policies and procedures throughout organization

• Establish ownership and accountability of records management program

• Arrange for continuous training and communication throughout the organization

• Project an image of good faith, responsiveness and consistency

• Review, audit and improve program continuously

These features must all exist as part of a compliant records management program. Independently, each represents a good practice; as a unit, they serve as a solid foundation of best practices for records management.

Records Management Best Practices Guide | p. 7 Introduction (cont.)

Why Is Consistency So Important?

There is one phrase that resonates as a theme for simple and complex aspects of compliant records management programs:

CONSISTENCY IS EVERYTHING

• Develop a single Records Retention Schedule for your organization and implement it consistently across your enterprise. • Write Records Management Policies and Procedures and apply them consistently. • Formalize records destruction practices and destroy records consistently and systematically.

These and many other Guiding Principles of Compliant Records Management are listed after each of the five Best Practice areas. Keep your program elements simple and consistent. Your records management program will be judged by the consistency of its implementation, not the details of the program’s design.

p. 8 | ironmountain.com Where Do We Start?

The early creation of an executive steering committee comprised of senior management across all departments is instrumental to the success and implementation of a compliant records manage- ment program. By creating an active steering committee, your organization will be positioned to proactively address the changing business climate and the ever-increasing regulatory controls for records and information management. The Compliance & Accountability Best Practice section of this guide will provide more information on how to organize for success.

Once your executive steering committee members have been identified, we would suggest they each read and make sure they fully understand the best practices in this guide.We have broken the best practices down to the following five Best Practice areas:

• RETENTION • POLICIES & PROCEDURES • ACCESS & INDEXING • COMPLIANCE & ACCOUNTABILITY • DISPOSAL

For each of these Best Practice areas we have included an overview and guiding principles.

Records Management Best Practices Guide | p. 9

RECORDS MANAGEMENT BEST PRACTICES I. Retention

A sound and legally compliant records retention policy, including a Records Retention Schedule is the foundation of a good records management program.

This is the platform for thorough protection of organizational assets and the surest method to avoid risk and litigation.

A Records Retention Schedule is a document that an organization uses to ensure that records are kept only as long as legally and operationally required, and that obsolete records are disposed of in a systematic and controlled manner. A Records Retention Schedule supports an organization’s effort to manage intellectual property, control the costs of information storage, locate and retrieve docu- ments for legal discovery, and dispose of records at the end of their business life. Instituting a formal and legally credible Records Retention Schedule enables an organization to meet the legal requirements of mandated retention periods.

The Records Retention Schedule represents all records created by an organization across divisions and functions, regardless of media type (hardcopy or electronic). Retention periods are based on legal, regulatory, and operational requirements. The development of a legally credible Records Retention Schedule is broken down into four activities:

• Identify major record groups • Create a universal classification scheme • Perform legal research • Overlay operational retention requirements

p. 12 | ironmountain.com IDENTIFY MAJOR RECORD GROUPS CREATE A UNIVERSAL The first step in identifying major record groups is to inven- RECORD CLASSIFICATION SCHEME tory each type of record and record keeping system within One of the most important tasks in organizing your records your organization. A records inventory is a complete and is to establish a record classification scheme. A record accurate listing of the locations and contents of your orga- classification scheme is a grouping of records by business nization’s records — whether paper or electronic. The scope function, record class, and record type as a way of dealing of the records inventory should extend across business more practically with high volumes of records. Record units, formats and systems. Conducting a records inventory classification schemes provide a basis for making correct is a critical first step because it not only identifies, but also decisions about records. quantifies all of the records created and processed by the Many companies can establish ten (or fewer) broad record organization. Ultimately, the records inventory becomes the functions, such as Operations, Accounting, Financial, Tax, basis for preparing the retention schedule. Until you know and Legal. These top-level record functions are broken what you have, it is impossible to establish any type of down into record classes, which are, in turn, broken down records program. into record types. The following is an example: Your records inventory should group records into broad Record Function: Accounting categories — called record classes. These classes will form Record Class: Accounts Payable the basis of your Records Retention Schedule. It is also crit- Record Types: Accounts Payable Aging Reports, Accounts ical that the organization agree at an early stage on the Payable Distribution Reports, Cash Disbursement Reports commonality of terms to be used. This will ensure consis- tent nomenclature and usage for all aspects of the records and information management program.

Records Management Best Practices Guide | p. 13 I. Retention (cont.)

PERFORM LEGAL RESEARCH It is important to conduct legal research to determine what the retention period for each record class must be. This work often requires the assistance of legal counsel, consultants or external records management experts.

At a minimum, these types of legal requirements must be considered:

• Federal • State • Local • International (if relevant)

Examples of groups that issue such regulations include:

• Securities Exchange Commission (SEC) • Federal Trade Commission (FTC) • Federal Communications Commission (FCC) • Environmental Protection Agency (EPA) • National Labor Relations Board (NLRB) • Internal Revenue Service (IRS) • Equal Employment Opportunity Commission (EEOC) • Occupational Safety and Health Administration (OSHA)

OVERLAY OPERATIONAL RETENTION REQUIREMENTS In addition to legal requirements, operational retention requirements must also be taken into account. This is the length of time that a record must be retained to meet departmental, operational or user group record needs. The final retention period should be the longer of the two.

p. 14 | ironmountain.com GUIDING PRINCIPLES OF RETENTION

• Adopt one universal Records Retention Schedule • Define for each record class, the triggering event that is applied across all business units and that (such as a business acquisition, merger or closing); captures all the records, regardless of media, that that must occur for a record to become inactive, are created or received by the organization in the thus signaling the beginning of the retention conduct of business. period count.

• Create an “E-mail Appropriate” Retention Schedule • Categorize business records as either “official” subset that shrinks and consolidates the available records or “convenience copy” records. The Records e-mail record classes. This “E-mail Appropriate” Retention Schedule governs the retention period for Retention Schedule simplifies the e-mail classifica- the “official” records.“Convenience copy” records are tion and archiving process for employees. typically retained for 30 days, but not longer than one year.“Convenience copy” records should be • Support the Records Retention Schedule with legal destroyed when they no longer have business value. research that encompasses the specific federal, state and local retention requirements that are • Put into place a process that requires employees to applicable to the organization. classify and retain e-mails that are official records. As part of this process, implement an automated • Re-examine the Records Retention Schedule for e-mail warning system to force employees to possible updates and revisions at least every two review and make a decision about e-mails in their years, in order to ensure that the classification mailbox. All e-mails that are not classified should scheme and legal research are current. be purged according to a predefined schedule. • Review and take into consideration the statutes of • Reduce the number of records that have no ongoing limitation and limitation of actions that dictate the business value or usefulness in order to reduce risk period of time in which a lawsuit may be filed or and cost. Conduct corporate-wide annual reviews of fine assessed when establishing a final retention onsite records to determine those that are no longer period for the organization’s records. active. Inactive records may be sent to off-site storage. • Review and apply to the final retention period, • Identify vital or “mission critical” records that all business or operational requirements for the are essential to protect the financial, legal, and retention of records. operational functions of the organization and its • Create a Records Retention Schedule at a record customers, employees, and shareholders. class level that identifies broad categories represent- • Establish a process to rollout and implement the ing the business functions of the organization, Records Retention Schedule to include initial and rather than all-encompassing departmental ongoing training programs for all employees listings of records. within the organization. • Preserve historical documents in media-appropriate archival conditions.

Records Management Best Practices Guide | p. 15 II. Policies and Procedures

An organization’s records management program should be supported by policies and procedures that address each component of the records manage- ment program in accordance with operational and legal requirements.

An organization may have separate policies and procedures for records retention, active file management, inactive file management, vital records, e-mail management, and any other area of records management. Policies and procedures set standards and serve as evidence of manage- ment’s support of and investment in a compliant records management program. They should address ALL records regardless of media type, making sure to include positions on electronic records and e-mail practices. Records management program guidelines must be consistently and univer- sally applied. Roles and oversight responsibilities are to be designated and defined. Policies and procedures should be accessible and communicated clearly and consistently through- out an organization. When employed properly, they work in conjunction with an organization’s Business Continuity Plan and Disaster Recovery Program.

p. 16 | ironmountain.com GUIDING PRINCIPLES OF POLICIES AND PROCEDURES

• Produce a single set of documented policies and • In the event of litigation, audit, or governmental procedures governing the retention and destruc- investigation being commenced at some point in tion of business records and apply them the future, a system of “holds” should be assigned consistently. to records subject to legal constraints. Records that are under a “hold” order should not be destroyed • Establish organization-wide records management even when permitted by the organization’s Records policies and procedures for records of all media types. Retention Schedule. • Establish business continuity and disaster recovery • Institute annual organized purges of onsite records procedures. with the intention of identifying and consequently • Determine procedures for the creation, retention, sending inactive records off-site to storage. destruction, access, and storage of electronic records. • Establish an annual audit of the company’s records • Define and outline the handling of official versus management program. convenience records and active versus inactive • Define the records management related roles and records. responsibilities within an organization including • Create and enforce a corporate-wide e-mail man- those for the Steering Committee, department agement policy that includes components such as: managers, company employees, tax, legal, IT, and internal audit departments, and create a position – A clear statement that e-mail content that will be responsible for overall records manage- belongs to the company – Defined limitations on personal use of e-mail ment administration. – Expectations that there is no privacy of • Institute storage procedures for onsite, off-site, corporate e-mail and electronic records. – Clear definitions of what is and is not appropriate e-mail content • Provide records management program employee – Password and encryption standards for training on an ongoing basis and distribute the the company records management program policies and – Employee sign-off that they have read and procedures to new employees. understood the policy • Establish and enforce employee accountability • Outline records disposition policies and procedures for the compliance of the records management as an established pattern of systematic document program. This can be done by including it as an retention and destruction. This prohibits selective element in performance appraisals and instituting destruction of records. disciplinary actions for violations.

• Align backup policies with e-mail retention policies. • Identify and protect “vital” records that are essen- • Develop information security measures to ensure tial for the continued operation of an organization compliance with privacy requirements. in the event of a disaster or crisis.

Records Management Best Practices Guide | p. 17 III. Access and Indexing

The success of a records management program hinges on the ability to access information for business support, litiga- tion response, or compliance reasons.

Organizations need the ability to access records by multiple indexing parameters such as subject matter (content and context), record creator,intended recipient, date, etc. Proper indexing methods are one of the easiest ways to recognize significant returns on investment. Well-indexed records ensure easy access and reduced time and financial cost. Poor indexing methods will result in additional fees and more labor expended. The inability to satisfy record retrieval requirements can result in major fines, increased litigation, and the degradation of overall service quality within an organization.

Access and indexing are dependent on one another because records must be properly organized to enable timely, accurate, and controlled access. Just as an index in a book directs the reader to a specific page, a records index directs the record user to a particular place where the required information is located. The location may be a paper or microfilm filing system or an electronic storage location, such as a network directory or electronic document management system. Once the record location is identified, access can be authorized by various security controls.

Storing e-mail and other electronic records on backup tapes will not meet regulatory, legal and business access requirements. Backup tapes are designed for disaster recovery; they were never designed for retention, legal discovery or low-cost, long term archiving of electronic records. E-mail records should be migrated to a digital archive designed for low-cost, long term archiving. This archive should have tools for easy searching, discovery organization and retention management.

p. 18 | ironmountain.com GUIDING PRINCIPLES OF ACCESS AND INDEXING

• All records should be indexed in a systematic • Limit individual employee access to records unless manner, by subject matter, regardless of the it is necessary in order to conduct authorized storage medium or location. business and is approved in accordance with estab- lished organizational practices and procedures. • Establish a consolidated records management system that links the organization’s records to its • Develop an annual formal review of the records Retention Schedule through a record classification management system, record classification scheme scheme. and centralized index to validate that structure is consistent, accurate, appropriate and reflects any • Populate the record classification scheme (also changes in business. known as a taxonomy or file plan) with standard indexing parameters to include record class code, • Determine the suitable turnaround time for business function, record creator, dates, and other retrieval of different categories of records for applicable indexing parameters. onsite, off-site, and electronic records.

• File paper records in filing systems and electronic • Ensure that storage of records onsite and off-site records in network directories that are categorized guarantees security, consistency, accessibility, by the same record classification scheme and and confidentiality. time period. • Migrate electronic records to a digital archive that • Identify records in all media by conducting can provide secure access to e-mails and instant searches of the record classification scheme. messages for regulatory, legal or future business (See record classification scheme on page 13.) purposes.

• Implement a proper authorization process to ensure protection of the confidentiality of an organization’s records, maintain the confidentiality of customers’ personal information, and prevent unauthorized disclosure to third parties.

Records Management Best Practices Guide | p. 19 IV. Compliance and Accountability

The benefits of a major investment in an enterprise records management program will be short-lived if employees are not in compliance with the program and its policies. The critical components for compliance are organization-wide accountability and auditing.

ORGANIZATION-WIDE ACCOUNTABILITY AUDITING Records ownership at every level of the organization is To ensure compliance, the records management program required to achieve compliance. Without senior-level spon- should be integrated into the organization’s internal sorship and commitment, the program is bound to fail. audit process. Key program components that should be There must be a corporate records manager to administer periodically audited include: the program at a corporate level as well as a designee in • Destruction timeliness each business unit accountable for implementation in • Retention schedule accuracy with the latest their division. Finally, each employee should be required to laws and regulations acknowledge that they have read and understood the • Classification accuracy and completeness records management policies and procedures. • Business unit compliance • Hold administration • Program training and communications delivery

p. 20 | ironmountain.com GUIDING PRINCIPLES OF COMPLIANCE AND ACCOUNTABILITY

• Establish a corporate records management program • Regularly communicate records management Steering Committee comprised of a designated program information to employees via a company records manager and representation from legal, newsletter and use of an Intranet site. IT, finance, tax, human resources, and risk manage- • Introduce measures of performance related to ment, to be responsible for overseeing the records consistent retention and destruction of records, management program, providing high-level both paper and electronic. management, strategic insight, and oversight of the program. • Include records management as part of the company’s internal audit process to ensure that • Schedule Steering Committee meetings at appropri- consistency, compliance, and legal requirements ate intervals to assess the current state of the are met. records management program. Specific responsibili- ties include providing high-level management and • Audit compliance adherence to corporate electronic oversight of the program; assuring that the records records, e-mail retention and deletion policies by management program is properly maintained and involving the IT department. updated; and recommending staff and system • Create a records management acknowledgement resources. program that requires employees to sign a docu- • Designate a Corporate Records Manager to adminis- ment confirming their receipt of training and ter the program at the business unit or department understanding of records management policies level to facilitate accountability throughout the and procedures. entire organization.

• Support the records management function with the appropriate resources and experts internally and externally.

Records Management Best Practices Guide | p. 21 V. Disposal

Consistent disposal practices provide retention and regulatory compliance and decrease corporate risk when conducted in accordance with an approved Records Retention Schedule.

An established pattern of systematic records retention and disposition serves as evidence of an organization’s good faith in attempting to conform to the law. Haphazard patterns of records disposal may appear suspicious and can suggest that unfavorable or embarrassing records were destroyed intentionally.

Records disposition should be an inherent element of an organization’s overall records manage- ment program and should cover both active and inactive records. Standard policies should be set at the corporate — not department — level and be reviewed by legal and compliance professionals. The implementation of the policies should be treated as a consistent process, not an event, because they will need to keep pace with organization growth and regulatory changes.

Upon expiration of a record’s required retention period, all records identified as eligible should be approved for destruction unless there is a legitimate business reason to postpone that destruction. The official version or “record copy” of a particular record should be maintained for the longest approved retention period subscribed in the Records Retention Schedule. Any unofficial or “conven- ience copy” of a record may be destroyed once it has met the business need for which it was kept. For example, the official version of an expense report may be required for the completion of an organization’s tax audit. However, specific departments or individuals may keep copies within their offices for convenience. Once the need for those convenience copies is complete, those versions of the record may be destroyed.

p. 22 | ironmountain.com Records that are subject to litigation, government investi- gation, or audit cannot be destroyed even when permitted by the Records Retention Schedule. Procedures should be in place stating that the destruction of relevant records must be temporarily halted until such time as official notification is provided that destruction can resume. Documentation of records disposal should state the record’s information and when such records were disposed. Proper and regular dis- posal of records reduces storage and labor costs associated with unnecessary maintenance of records retained past their retention requirements.

The proliferation of privacy laws, in the United States and in other global jurisdictions, is impacting the way in which companies conduct business, especially in how they protect records. The protection of such records includes require- ments for secure destruction. An organization should develop and implement a special program for confidential records destruction. This is especially critical regarding vital organization information, such as sensitive internal docu- ments, patents, proprietary and trade secrets. The program

Non-confidential records may be disposed of by using a variety of recycling methods. However, confidential records should always be securely shredded to ensure that there is no risk to the organization from the possi- ble release of confidential information. should ensure that there are consistently applied proce- dures for properly identifying and disposing of confidential records once they are no longer needed. The program should be communicated and assessed throughout the entire organization.

Records Management Best Practices Guide | p. 23 V. Disposal (cont.)

GUIDING PRINCIPLES OF DISPOSAL

• Determine appropriate method of disposal by • Ensure that employees are aware that premature records class or media type. destruction of records is expressly prohibited, and if intentional, may result in disciplinary action, up • Institute a consistent and secure system for the to and including termination of employment and disposal of records in accordance with an approved possible civil or criminal liability. Records Retention Schedule. • Review all official records that have fulfilled their • Develop disposal procedures that demonstrate retention period to ensure that their destruction authorization, adherence to confidentiality and complies with the standard policy and procedures security requirements, and recognition of suspend- and that the records are free of all retention holds. ed records or those on “hold”. • Discard, once they have fulfilled their purpose, • Distribute to necessary parties for their review all any unofficial records. Draft documents should be records pending disposal according to the organiza- disposed of as soon as they have been superseded tion’s Records Retention Schedule and ensure that by an official version. authorization for disposal is confirmed. • Under no circumstance should duplicates or drafts • Classify as confidential and securely shred any (unofficial records) be retained longer than the records that contain personally identifiable infor- official versions of the records. When records are mation about individual customers or employees. approved for destruction, all copies in the posses- Some examples of this data include social security sion of employees in all media and formats must numbers, date of birth, bank account information, also be discarded. Personal Identification Numbers, passwords, drug prescription information, mothers’ maiden names, etc. Any records that contain personal information should be classified as confidential and shredded to protect the privacy of employees, shareholders, customers, patients and other individuals. This will also protect the organization from liability.

p. 24 | ironmountain.com • Suspend all regularly scheduled destruction of • Maintain a final destruction listing report that lists relevant records (including e-mail records) when it record identification number, destroy dates, and becomes clear that there is a possibility of litiga- who authorized the destruction. tion, audit, or governmental investigation being • Institute consistent and appropriate disposal commenced at some point in the future by or practices for records residing at both onsite and against an organization. In order to prevent these off-site locations. records from being inadvertently destroyed, a system of “holds” should be assigned to records • Migrate e-mail and instant message records to a subject to these legal constraints. Records that are digital archive that is designed to apply the Records under a “hold” order cannot be destroyed even Retention Schedule to the stored electronic records, when permitted by an organization’s Records and purge them at the end of their retention period. Retention Schedule. Give departments review • Review records documenting the organization’s deadlines from the date of receipt of the report of past, its development, significant events, and records eligible for destruction and Department key personnel to determine if they should be Managers should provide justification why specific designated as “historical records” to be maintained records should not be destroyed. in an organizational archive rather than destroyed • Review destruction reports periodically that list when the legal and operational retention period records at off-site storage vendors that are eligible has expired. for destruction. Tax, Legal, Accounting, Internal Audit, Risk Management, and Regulatory Compli- ance departments should also review the listings. At a minimum, this should be done annually.

Records Management Best Practices Guide | p. 25 Conclusion

The need for compliant records management best practices is demonstrated daily in all businesses.

The escalating fines to organizations cited for poor corporate record keeping are a testament to the fact that compliant records management is no longer optional. A program must contain a proactive approach for management of all of the five Best Practice areas — Retention, Policies & Procedures, Access & Indexing, Compliance & Accountability, and Disposal. These areas need to be managed consistently and effectively. Organizations are now judged on the implementation of their records management programs and they must strive to demonstrate “good faith” efforts across all aspects of records management.

A compliant records management program must demonstrate the key elements of consistency, accountability, adoption and accessibility. These elements must be audited and updated consis- tently over the lifespan of the business.

These best practices and guiding principles provide the foundation for driving existing programs from sub-standard to stellar. Mediocre plans and processes do not constitute compliant records management programs. By striving to achieve excellence one step at a time in each of the five Best Practice areas of records management, a comprehensive and compliant program can be implemented.

With over 50 years of experience in the field, Iron Mountain is the partner more companies trust worldwide to design and implement a comprehensive and compliant records management program.

p. 26 | ironmountain.com

IRON MOUNTAIN SERVICES

RECORDS MANAGEMENT Iron Mountain provides compliant records management solutions to manage and protect your information assets. Our records management programs ensure that your business records are secure and easily accessible. We offer specialized services tailored to your unique needs.

SECURE SHREDDING Given the confidential nature of business records, it’s important to ensure complete destruction. Our secure shredding services help you to protect the privacy of your company, employees and customers.

DIGITAL ARCHIVING Our Digital Archive service group offers compliance and records management solutions for today’s leading organizations. We provide SEC-compliant digital archiving, supervision and data restoration and electronic discovery support services. With our extensive records management expertise we can help institute a comprehensive and compliant records management solution.

DATA PROTECTION Whether physically transporting and vaulting your backup tapes at one of our secure facilities or backing up your data through a secure Internet connection with Electronic Vaulting, our comprehensive data protection and disaster recovery services place your information off-site, off-line and out-of-reach; yet the data is accessible whenever and wherever you need it.

VITAL BUSINESS RECORDS Our climate-controlled, secure facilities are designed to protect irreplaceable documents like original deeds, wills, trusts, contracts, patents, and other notarized and certified records for you.

CONSULTING Today’s business world demands that companies follow sound, consistently applied records management practices. Let our consulting professionals review your current records management program, help you determine which records you need to retain, and create an appropriate retention schedule and records classification program for each.

The Records Management Best Practices Guide is published by Iron Mountain. © Copyright 2005 Iron Mountain. Iron Mountain and the design of 745 Atlantic Avenue the mountain are registered trademarks of Iron Mountain Incorporated. All other trademarks and registered trademarks are the property of their respective owners. All rights reserved. Printed in the United States of America. No part of this publication may be reproduced, in any form or by any Boston, Massachusetts 02111 means. Advice is given in general. Readers should consult professional counsel for specific legal or ethical questions. 1/2005 (800) 899-IRON

Iron Mountain operates in major markets worldwide, serving thousands of customers throughout the U.S., Europe, Canada, and Latin America. For more information, visit our Web site at www.ironmountain.com

US-RM-CR-400-05-001 (800) 899-IRON www.ironmountain.com